[Gecko Bug 1901510] part 5) Provoke a CSP violation for `object-src 'none'` with "video/mp4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>. #46977
The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't
specify for which types a default plugin is loaded.
Moreover, it doesn't specify the behavior when plugin content can not
be loaded.
This patch increases web-compatibility, because it provokes a CSP
violation for Gecko/Firefox too.
The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't specify for which types a default plugin is loaded. Moreover, it doesn't specify the behavior when plugin content can not be loaded.
This patch increases web-compatibility, because it provokes a CSP violation for Gecko/Firefox too.
Differential Revision: https://phabricator.services.mozilla.com/D215363
bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1901510 gecko-commit: e68da2d23a8e7266701e94dc87e4158cf66c93ca gecko-reviewers: tschuster